[Openid-specs-ab] [openid/connect] Messages 2.3.1 - Do we really need the UserInfo "schema" and "id" parameters? (issue #801)
issues-reply at bitbucket.org
Thu Mar 7 13:35:18 UTC 2013
--- you can reply above this line ---
New issue 801: Messages 2.3.1 - Do we really need the UserInfo "schema" and "id" parameters?
We need to clarify whether it's the resposibility of the Client to always add the "schema=openid" parameter to all UserInfo requests or whether it's the responsibility of the OP to publish a UserInfo Endpoint address that contains any necessary parameters for the OpenID schema to be used, when necessary, which would mean that the Client would simply use the URL provided. I'm increasingly thinking we should do the latter.
If we do this, we would delete the text about the "schema" and "id" parameters from Messages, Basic, and Implicit entirely.
We could still give non-normative guidance in Discovery in the userinfo_endpoint description saying that if the resource supports multiple schemas, that it is the respibility of the OP to add whatever parameters are necessary to the URL provided so that the OpenID schema is used - for instance by including "?schema=openid" as part of the URL.
This is an issue notification from bitbucket.org. You are receiving
this either because you are the owner of the issue, or you are
following the issue.
More information about the Openid-specs-ab